New tools, products, platforms, funding rounds, and company developments in AI security.
A jury ruled that OpenAI CEO Sam Altman and president Greg Brockman are not liable for Elon Musk's claims that they broke a founding contract and unfairly profited from the company. This verdict ends a legal dispute between Musk and OpenAI's leadership over the terms under which OpenAI was originally established.
Security vulnerabilities called 'Claw Chain' were found in OpenClaw, a framework for building AI agents (programs that can perform tasks autonomously). These vulnerabilities allowed attackers to steal login credentials, gain higher-level access to systems, and stay hidden in compromised systems for extended periods. The vulnerabilities have now been patched.
Elon Musk has lost several recent lawsuits and settlements, including a high-profile case against OpenAI and its co-founder Sam Altman, but legal experts believe he is unlikely to stop filing lawsuits or fighting in court because his enormous wealth makes any fines or costs insignificant to him. Despite these losses, Musk continues to pursue aggressive legal battles and public disputes, demonstrating a willingness to take risks that sets him apart from most business leaders.
Pope Leo is releasing an encyclical (a major teaching document from the Catholic Church) called Magnifica Humanitas that addresses how artificial intelligence affects human dignity, workers' rights, and society. The document will be presented at the Vatican on May 25 with Christopher Olah, co-founder of Anthropic (an AI company), and other speakers, marking a significant moment where the Church signals its engagement with rapid technological change similar to how Pope Leo XIII responded to the Industrial Revolution in 1891.
Elon Musk sued Sam Altman over control of OpenAI, a major AI company they co-founded together, but a jury dismissed the case after just two hours due to legal time limits. The trial revealed concerns that many of the powerful tech leaders directing AI development may not be trustworthy or temperamentally suited for the responsibility.
Elon Musk lost a court case against OpenAI and Sam Altman because a jury decided he waited too long to file the lawsuit, not because his claims were false. Musk had accused Altman and OpenAI of breaking an agreement to keep the AI company as a nonprofit charity, but the court ruled the case fell outside the three-year deadline (statute of limitations) for bringing such claims. Musk plans to appeal the decision.
A California jury dismissed Elon Musk's lawsuit against OpenAI and CEO Sam Altman, ruling that Musk had waited too long to file his claims (the statute of limitations, a legal deadline for when lawsuits must be filed, had expired). Musk had accused Altman of breaching a non-profit agreement by converting OpenAI to a for-profit company after Musk donated $38 million early in the company's history. The jury's decision means the case was dismissed on timing grounds rather than on the actual merits of Musk's accusations.
This article reports on a legal case between Elon Musk and Sam Altman, where a jury decided that Musk's claims were invalid either because the statute of limitations (the legal deadline for filing a lawsuit) had expired or due to case dismissals. The jury's decision was advisory (meaning it was only a recommendation to the judge), but the presiding judge accepted their verdict anyway.
Google is attending its annual I/O developer conference as the third-place competitor in the foundation model (large AI systems trained on broad data) race, having fallen behind Anthropic's Claude and OpenAI's systems, particularly in coding capabilities. The article previews expected announcements in three areas: a potential comeback attempt in AI coding tools, continued strength in AI for science (where Google won a Nobel Prize), and moves in health and medicine AI. While Google's internal teams reportedly needed to use competitors' tools to stay productive, major breakthroughs at the conference are unlikely.
Amazon has added a new feature to Alexa Plus (its upgraded AI assistant) that lets users generate podcasts on nearly any topic by simply describing what they want. The AI creates two AI-generated hosts that discuss the chosen topic, and users can preview and customize the podcast before it's created.
According to Stanford economist Mordecai Kurz, tech billionaires are concentrating technological power in a way that weakens democracy, similar to patterns seen during industrialization and the first Gilded Age. Kurz argues that tech moguls often see themselves as superior beings meant to reshape society, citing examples like Anthropic's CEO claiming AI could become a transcendent good while potentially causing mass unemployment.
OpenAI and Dell Technologies are partnering to let businesses use Codex (an AI tool that writes and understands code) in their own private data centers and hybrid environments (networks that combine on-site systems with cloud services) rather than only in the cloud. This allows companies to keep sensitive data secure while using Codex across their existing tools and workflows for both coding tasks and broader business automation.
Organizations buy many security tools to address threats, but this approach fails because companies lack visibility: a unified understanding of their entire IT environment and of what each tool is actually monitoring. Attackers exploit the gaps between tools by moving through systems using legitimate access rather than breaking through defenses, meaning the real security problem isn't inadequate tools but an incomplete map of what's happening across all systems.
Fix: The vulnerabilities have been patched. Users should update to the patched version of OpenClaw.
Dark Reading
Shadow AI refers to unapproved AI tools that employees use at work without IT oversight, often gaining access to corporate data through quick login approvals that bypass traditional security monitoring. The article explains that 80% of employees use unapproved generative AI applications, and most companies lack formal AI governance policies, creating a visibility gap for security teams. The source describes a five-step program to manage this risk by discovering which tools are running, creating employee-friendly policies, and establishing approved alternatives.
Fix: The source explicitly recommends a five-step program: (1) discover all AI tools in use by auditing OAuth (authorization tokens that grant app access to data) connections, scanning for browser extensions, identifying AI features in already-approved tools, and surveying employees; (2) write a practical policy listing approved tools, specifying which data categories (customer records, source code, financial information) should never enter AI tools, confirming data training opt-out status for sensitive tools, and defining a process for requesting new tools; (3-5) [the source text is incomplete and does not provide steps 3-5]. Implement steps 1-2 to give security teams visibility while providing employees a clear approved path for AI tool adoption.
BleepingComputer
UK regulators (Ofcom) are requiring social media platforms, messaging services, and online forums to follow stricter rules to prevent the spread of intimate image abuse (sharing private sexual images without consent, sometimes called 'revenge porn') and AI-generated deepfakes (fake videos created with AI to show people doing things they didn't do). This comes after a rise in such harmful content, particularly targeting women and girls, including a spike in deepfakes created with AI tools like Elon Musk's Grok.
Fix: Ofcom said it would change its codes of practice to force service providers to detect and quash intimate image abuse and crack down on AI-generated deepfakes.
The Guardian Technology
AI models are rapidly improving at performing multi-stage penetration tests (simulated attacks where attackers try to break into systems through multiple steps), with the difficulty of tasks they can complete doubling every 4.7 months as of early 2025. The UK government's AI Security Institute measured this by comparing how well AI models could replicate tasks that human cybersecurity experts can complete, finding that the latest AI systems are now showing even greater capability and posing real security risks to organizations with weak defenses.
Anthropic is briefing global financial regulators on Claude Mythos, an AI model with advanced capabilities in finding previously unknown cybersecurity flaws that hackers could exploit. Rather than releasing Mythos publicly, Anthropic has restricted access to selected tech companies and banks to help identify weaknesses, while the UK's AI Security Institute has found the latest version shows a significant capability jump, even completing a difficult autonomous hacking test that no prior model had solved.
Fix: UK regulators and the Treasury released guidance directing firms to 'double down' on 'core cyber hygiene,' which includes reviewing legacy systems, implementing good detection mechanisms, establishing proper governance, planning recovery procedures, and considering insurance coverage.
The Guardian Technology
AI agents (autonomous programs that can perform tasks with minimal human direction) are becoming sophisticated enough to find and exploit obscure vulnerabilities (weaknesses in software), while at the same time developers are creating enormous amounts of AI-generated code that may contain bugs. This combination is forcing security teams to develop new defense strategies.
Researchers have developed CrossMPI, an image-based prompt injection attack (tricking an AI by hiding instructions in its input) that uses nearly invisible changes to images to manipulate how multimodal AI systems (AI that processes both images and text) interpret user instructions without modifying the text itself. The attack successfully fooled multiple vision-language models (AI systems that understand both images and text) about 66% of the time by targeting the intermediate layers where visual and textual information are combined, posing growing security risks as enterprises increasingly adopt multimodal AI systems.
AI-assisted coding is causing a rapid increase in leaked secrets (authentication credentials and API keys), with exposed AI-related secrets jumping 81% in 2025 alone, because developers prioritize speed and functionality over security reviews. When secrets are discovered, organizations should treat them as security incidents, immediately revoking or disabling the exposed credential, generating a new one, investigating system impact, performing cleanup, and hardening systems, followed by post-mortems to improve processes.
Fix: When a leaked secret is detected, organizations should: (1) activate their incident response process immediately; (2) revoke or disable the secret and generate a new one; (3) have the incident response team and R&D investigate the impact across systems and data; (4) perform cleanup and hardening; and (5) conduct post-mortems and implement necessary updates to systems or policies based on lessons learned. The source notes that the CISO office typically coordinates incidents while the R&D team owns actual revocation and cleanup.
CSO Online